| 1 |
On 3/3/06, Stelian Ionescu <stelian.ionescu-zeus@×××××.it> wrote: |
| 2 |
> On Fri, Mar 03, 2006 at 04:31:44PM -0500, Andy Dustman wrote: |
| 3 |
> >On 3/3/06, Edward Muller <edwardam@××××××××.com> wrote: |
| 4 |
> >> One of our clients has the following setup: |
| 5 |
> >> httpd 2.0.55 (Gentoo package 2.0.55-r1) |
| 6 |
> >> Zope 2.6.1 |
| 7 |
> >> |
| 8 |
> >> Apache proxies zope for a http and https host via mod_rewrite/proxy |
| 9 |
> >> |
| 10 |
> >> POSTs going to httpd=>zope via http are fine, posts going to httpd=>zope via |
| 11 |
> >> https are not. |
| 12 |
> > |
| 13 |
> >Yup: |
| 14 |
> > |
| 15 |
> >https://bugs.gentoo.org/show_bug.cgi?id=121402 |
| 16 |
> >http://issues.apache.org/bugzilla/show_bug.cgi?id=37145 |
| 17 |
> > |
| 18 |
> >Unfortunately for you and me, despite having the patch available from |
| 19 |
> >upstream, the developer closed the bug with the comment "2.0.56 should |
| 20 |
> >be out real soon now, which addresses this problem." That was a month |
| 21 |
> >ago. |
| 22 |
> 1) download this patch: |
| 23 |
> http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/modules/proxy/proxy_http.c?p2=%2Fhttpd%2Fhttpd%2Fbranches%2F2.0.x%2Fmodules%2Fproxy%2Fproxy_http.c&p1=httpd%2Fhttpd%2Fbranches%2F2.0.x%2Fmodules%2Fproxy%2Fproxy_http.c&r1=372046&r2=372045&rev=372046&view=diff&makepatch=1&diff_format=u |
| 24 |
> to /usr/portage/net-www/apache/files/plone.patch |
| 25 |
> 2) add this lines to the src_unpack in apache-2.0.55-r1.ebuild right |
| 26 |
> after "epatch ${GENTOO_PATCHDIR}...": |
| 27 |
> |
| 28 |
> epatch ${FILESDIR}/plone.patch |
| 29 |
> |
| 30 |
> 3) execute: ebuild /usr/portage/net-www/apache/apache-2.0.55-r1.ebuild digest |
| 31 |
> 4) remerge apache-2.0.55-r1 |
| 32 |
> |
| 33 |
> (I'm ssuming that you're using an ~arch apache and that your portage |
| 34 |
> tree is in /usr/portage; alternativerly you might copy the ebuild to an |
| 35 |
> overlay and add the patch there) |
| 36 |
|
| 37 |
Actually, I just found a workaround. I saw something about |
| 38 |
mod_security, and thought that by adding that as an intermediate |
| 39 |
processing layer, it might fix the problem, and it does. |
| 40 |
|
| 41 |
1) emerge mod_security |
| 42 |
|
| 43 |
2) edit /etc/apache2/modules.d/99_mod_security.conf to suit, and in |
| 44 |
particular, you must comment out this rule: |
| 45 |
|
| 46 |
# Forbid file upload |
| 47 |
#SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data |
| 48 |
|
| 49 |
Otherwise, you can't submit POST form data. |
| 50 |
|
| 51 |
3) add -D SECURITY to the args in /etc/conf.d/apache2 |
| 52 |
|
| 53 |
4) /etc/init.d/apache2 restart |
| 54 |
|
| 55 |
BTW, it's not a Plone- or Zope-specific problem. It can happen anytime |
| 56 |
you are using mod_ssl to mod_proxy and have multi-part form data. |
| 57 |
-- |
| 58 |
The Pythonic Principle: Python works the way it does |
| 59 |
because if it didn't, it wouldn't be Python. |
| 60 |
|
| 61 |
-- |
| 62 |
gentoo-server@g.o mailing list |
Archives